It is my solemn duty to inform you of the passing of your distant relative Mr Mohammed Abacha, a respected member of the Nigerian aristocracy.

I am acting in the interests of the estate of Mr Abacha who, before his death, told me that he has a sum of US$2,000,000 (2 million united states dollars) kept in a private security company here in Cote D’Ivoire in your name as the next of kin.

I am honourably seeking your assistance to confirm your identity as the recipient of this fund and to assist me contact the security company here to retrieve the funds held in your name.

Please contact my firm as soon as possible to expedite this transaction.

Thanks and God bless.

Best Regards,Boni Amah

Amah and Associates Solicitors,5th floor, Unity House,Lagos

What would your first reaction be if you got an email like the one above?

Email scams of this sort have become so notorious that most of us would probably recognise one immediately. They even have their own nickname; ‘Nigerian Prince Scams.’ But, surprisingly, there are still plenty of people being duped by this sort of fraud.

Far from fading away, Nigerian scams are still earning millions for cybercriminals. The time-tested formula for these frauds is to draw in the victim with a series of messages, beginning by mentioning a tantalisingly large sum of money and gradually manipulating them into revealing their bank account details or forwarding money to the scammer.

Evolving crime tactics

Contemporary Nigerian fraudsters aren’t limiting themselves to confidence tricks, though. As well as the basic scams like Nigerian Prince emails, which generally target individuals, Nigerian cybercriminals are now also using more sophisticated techniques like brandjacking and phishing to steal from companies.

Criminal syndicates with members both inside and outside Africa, cooperate to harvest business email credentials that will allow them to access company inboxes and capture financial data.

In a typical email-based attack, fraudsters send phishing emails to individuals working inside a target company that instruct them to log into a web portal. Phishing messages are often disguised as notifications from banks or accounting platforms and display forged trademark graphics relying on people’s trust of well-known brands to deceive them.

Once the victims have given up their credentials to a fake login page, the scammers monitor email traffic, looking for financial data they can use to divert payments into their own bank accounts.

> See some examples of email phishing scams using fake branding, in this article.

Crime worth $ billions

Despite the way cybersecurity has evolved since the first Nigerian Prince emails appeared in the 1990s, email-based crime is still a huge problem. Criminals still use email as their main cybercrime tool because it is so ubiquitous. In a recent blog article, MailGuard CEO Craig McDonald wrote: “Statistics show consistently that 90% of cyber-attacks are initiated via email... A cyber-attack email can hit millions of inboxes in seconds.”

ScamWatch Australia reports that Nigerian scams cost the Australian economy more than AU$1.5 million in 2017, an increase of AU$200k on the previous year.

Email attacks are a growing problem across the world. FBI data shows more than 40,000 email fraud incidents targeting US businesses between 2014 and 2016. Those fraud cases represent an estimated US$5.3 billion in losses.

Defend your inbox

Phishing attacks can be enormously costly and destructive and new scams are appearing every day. Don’t wait until it happens to your business; take action to protect your company, now.